AT&T is the most recent large firm to suffer a major data leak. Nearly all of its mobile customers were affected by the theft of user information from an internet database connected to its Snowflake account.
The hackers gained access to the call and text records of nearly all AT&T customers (approximately 109 million) between April 14 and April 25, 2024. Because Cricket, Boost Mobile, and Consumer Cellular use AT&T’s mobile network, their users were also affected by this hack.
In a Form 8-K report filed with the SEC on Friday morning, AT&T said that the stolen data included call and text records for almost all AT&T mobile customers as well as those of mobile virtual network operators (MVNOs). The data covers the period from May 1 to October 31, 2022, as well as January 2, 2023.
It also includes the number of interactions, such as calls or messages, as well as the total call time each day or month. Certain responses included one or more cell site identification numbers.
The AT&T data breach excludes customer names, call or text content, and private data such as dates of birth or Social Security numbers. Even if the communications metadata is not sensitive, it could be possible to identify specific people if it is paired with publicly accessible data.
Usage information, such as call and text message timestamps, was not compromised. But according to AT&T spokesman Alex Byers, the information included the quantity of calls and texts as well as the overall amount of time spent on calls on particular days or months.
In other words, while the data cannot identify the exact moment a phone number contacted another, it may disclose the frequency and duration of communication between two parties on a given day.
Alex stated that this event is completely unrelated to the one reported in March. In that earlier incident, AT&T stated that a data leak exposed the personal information, including Social Security numbers, of 73 million current and past customers on the dark web.
AT&T notified law enforcement and hired cybersecurity specialists after discovering the breach. The US Department of Justice granted AT&T permission to postpone public notification twice, on May 9 and June 5, 2024, in order to mitigate national security and public safety concerns.
AT&T swiftly disclosed the incident to the FBI and is currently working with the DOJ to find the attackers. The investigation has already led to the arrest of at least one individual involved.
Snowflake Data Theft Exposes AT&T Customer Records
According to AT&T, user information was “illegally downloaded from our workspace on a third-party cloud platform”. Multiple sources link the AT&T data breach to recent incidents where hackers compromised Snowflake, the cloud platform involved.
Snowflake, a cloud-based database provider, simplifies data storage and analytics for massive datasets.
Rather than a direct compromise of Snowflake’s infrastructure, identity-based hacks that target customer accounts are the main source of the company’s current security issues. AT&T joins other big businesses, like Ticketmaster and Santander Bank, in disclosing Snowflake-related data breaches.
At least 165 organisations have been informed by Mandiant, a cybersecurity company owned by Google, that these attacks could have impacted them.
Snowflake’s chief information security officer, Brad Jones, said that Mandiant and CrowdStrike’s investigations found no proof of a platform vulnerability, misconfiguration, or breach.
After a data breach, online fraud and phishing attacks pose the biggest threat to AT&T customers. Attackers could try to pose as AT&T in chats if they have access to your identification.
Avoid clicking on links or downloading files from unknown senders via email or text messages. Hackers regularly use fake websites to steal credentials, credit card numbers, and other sensitive information. To reduce these risks, it is best to visit AT&T’s official website directly rather than following links from suspicious sites.
Phishing attacks are on the rise, and it is important to protect your organisation. One effective way to do this is by increasing user awareness about these types of attacks. Phishing Tackle is a great resource that can help you in this regard. They offer a free 14-day trial to help train your users to recognise and avoid phishing attacks.
Although technology can be helpful, it cannot spot 100% of phishing emails. Therefore, user education is important for minimising the impact of any successful attacks. Consulting with Phishing Tackle can provide valuable insights and tools to help you strengthen your defences against phishing attacks.